Are Your Messages Safe? The Basics of Encryption and How Your Favorite Apps Measure Up
Are your messages secure?
With data breaches and other scams on the rise, you’ve probably asked yourself this question — whether you’re protecting sensitive information from a confidential source, or just keeping a close eye on your personal account.
Earlier this month, journalists swapped warnings about a particularly sneaky Google Doc invite that scammed even the savviest users.
More recently, major organizations across the globe experienced the wrath of a well-coordinated ransomware attack, known as WannaCry.
And just this week, we met its scarier successor: EternalRocks.
These debilitating attacks can expose victims’ personal information and private correspondence. In their wake, many businesses and individuals are turning to encryption apps for protection.
But with so many new messaging apps and platforms available, it’s easy to assume your messages are private. Here are some things to keep in mind.
Understanding Encryption Basics
First, it’s good to have a base-level understanding of how message encryption works.
Encryption is a method of protecting data from others. In simple terms, the information is scrambled in its journey from sender to recipient, so that outside parties can’t intercept and read the information.
For example, when you use a credit card to shop online, your computer encrypts the information so others can’t steal it in transit.
But, encryption goes well beyond your shopping cart. It protects you when sending and receiving sensitive information, helps secure your email, and keeps your cloud storage safe.
It dates back a long time, too.
Encryption is based on the science of cryptography and goes back thousands of years. Commonly known examples come from the Greeks and Romans, who created secret messages by substituting letters, so the text was decipherable only with a secret key.
Today, encryption largely depends on computers, which apply ciphers, or algorithms. These complex codes automatically secure your mobile and computer data.
Most of your messages don’t need to be private, but — if you’re a journalist, in particular — there likely are times you want to keep information out of snoopy hands.
Different Layers of Protection
Back in March, we spoke with Skylar Nagao, chief product officer with Peerio, about how journalists are protecting confidential information and document drops.
“Having spoken with many journalists, people who are aware of their high-risk sources consider it a moral obligation to use encryption to protect them,” he says in the post. “But not everyone is an expert in security.”
No system is 100 percent foolproof, either.
The key is looking for messaging services that offer end-to-end encryption. This provides the best protection from third-party viewing.
Let’s break it down:
End-to-end encryption: Fully encrypted apps allow only you and the person with whom you’re talking to access your messages. Your communication isn’t stored on company servers and therefore can’t be mined for information by advertisers or law enforcement officials — even with a warrant. It’s so good that former FBI Director James Comey recently warned about the agency’s growing inability to gather evidence in the cyberworld.
Optional end-to-end encryption: Apps with optional end-to-end encryption offer the feature, but don’t set you up by default. In these cases, you typically have to opt in to this feature via the app’s settings.
No end-to-end encryption: Many popular social apps don’t offer end-to-end encryption. This means the platform and law enforcement have access to your messages. It’s also more susceptible to advertisers and hackers.
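What the provider's servers handle with and without end-to-end encryption, as an added example (not from the original article or from any app it names). The user names, the message and the `demo-e2ee` label are constructed, and real apps add key verification and key rotation that this omits.

```javascript
// Added illustration using only Node.js built-in crypto.
const nodeCrypto = require('crypto');

// Each user generates an X25519 key pair; only the public half leaves the device.
function newUser() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Both ends derive the same 32-byte key from their own private key and the peer's public key.
function sessionKey(myPrivate, theirPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-e2ee', 32));
}

// AES-256-GCM: encrypts and adds a tag so any change in transit is detected.
function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function open(key, msg) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8'); // throws if altered
}

// The provider's view: whatever bytes it is handed to relay.
function serverView(payload) {
  return Buffer.isBuffer(payload) ? payload.toString('latin1') : String(payload);
}

function demo() {
  const alice = newUser(), bob = newUser();
  const text = 'Meet the source at 6pm'; // constructed sample message
  // No end-to-end encryption: the link to the server is protected, but the server gets the text.
  const withoutE2ee = serverView(text);
  // End-to-end: the server is handed ciphertext only; the key never leaves the two devices.
  const msg = seal(sessionKey(alice.privateKey, bob.publicKey), text);
  const serverSeesPlaintext = serverView(msg.body).includes(text);
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  const atBob = open(bobKey, msg);
  // A relay that alters one bit of the ciphertext is caught when Bob decrypts.
  const tampered = { ...msg, body: Buffer.from(msg.body) };
  tampered.body[0] ^= 1;
  let tamperDetected = false;
  try { open(bobKey, tampered); } catch (e) { tamperDetected = true; }
  return { withoutE2ee, serverSeesPlaintext, atBob, tamperDetected };
}
```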
How Your Favorite Messaging Apps Measure Up
Messenger: Facebook Messenger added end-to-end encryption in late 2016, but the feature is optional. To make a conversation secret, go to the app and press the icon on the top right to start a new conversation. Once there, select “secret” at top right. This will ensure your messages can only be seen by you and the person you’re chatting with. Facebook also provides an optional verification process. More details are available on the Facebook site.
Peerio: An app for file-sharing and private messaging, Peerio offers robust end-to-end encryption, ensuring “your data is secured on your device, in transit, and while at rest on our servers,” it says on its site. It’s also open source, meaning you or anyone else can review the source code to confirm that the app does what it says it will.
Slack: The popular Slack app has made itself an indispensable tool, particularly for media and tech teams. However, security may not be one of its strongest features. Slack touts data encryption in transit and at rest, but makes no mention of full, end-to-end encryption on its site. This means Slack may provide data to law enforcement and government entities if requested through the legal process, as stated in its privacy policies.
Confide: This confidential messenger app allows you to have “honest, unfiltered, off-the-record conversations. It allows you to speak freely, without the risk of what you say being forwarded on or permanently stored, just like when you’re talking in person,” it says on its site. All messages are fully encrypted, screenshot protected, and self destruct after being read.
Signal: Signal is widely respected as one of the most robust ways to protect your messaging and has seen a surge in downloads with the new White House administration. The fully encrypted app provides privacy for every message every time and is open source, enabling anyone to verify its security by auditing the code.
Snapchat: The app may be ephemeral in nature, but it does not offer end-to-end encryption. That means that even when deleted, your photos and text may be lingering somewhere on Snapchat’s servers in a recoverable form — making it great for casual messaging with friends.
Twitter: Twitter has shown potential interest in moving to encrypted messaging, but currently it’s not an option. Therefore, Twitter has access to your messages and may disclose your information in response to valid government requests.
WhatsApp: The messaging app built end-to-end encryption into its latest versions, so your messages and calls are secured by default. According to the site, “only you and the person you’re communicating with can read or listen to them, and nobody in between, not even WhatsApp.”
Semaphor: This open-source team messaging app was developed by SpiderOak, a company whose applications have gotten a thumbs up from Edward Snowden. The app works much like Slack, but provides end-to-end encryption. Nothing is stored on its server — so your conversations and documents remain completely private.
Wickr: Another workplace collaboration tool, Wickr aims to provide users a safe and productive space with end-to-end encryption. The company is “committed to constantly improving our best-in-class encryption technology against emerging threats that businesses and individual users face daily,” as stated on its site. Wickr will work with law enforcement, but says any content lawfully released may be undecipherable.
Anna Jasinski is manager of audience relations at PR Newswire and former magazine journalist. Follow her on Twitter at @annamjasinski. You can also catch her sharing the latest news in journalism and blogging on @BeyondBylines.
I am a daily, willing victim of Facebook and Messenger. I had not put much thought into how secure my messages were before. I had the thought process that everyone was doing it, so it must be safe. I believed that the messages I sent back and forth on Messenger were secure and once I deleted them, they were gone. Now, I realize that without a program that encrypts the messages, if someone wanted to see what you were up to, they could. Scary when you think about all the plans you make between your family and friends. Charles Ess states in his book Digital Media Ethics, “But many users do not seem to be aware, for example, that their email contains a great deal of information about them—including information that can be used to determine their identity—and that such information is essentially public (Ess, 2014).” I believe that we have become too comfortable with technology and need to become more educated on how private and secure our communications really are.